recommendations for backups / cloning / redistribution

70 replies [Last post]
OSXrefugee
Offline
Joined: 07/18/2015

SuperDuper is trying to sell their product to dumb contemporary Mac users and their marketing reflects the most common use-case that they think will result in most sales. In fact, however, their software is flexible and useful for a wide variety of situations. It is a real shame it is not free software. I would actually have given them more money for making it if it was. Although it is not free software it has certainly increased my freedom as a Mac user.

Anyway, I am not insisting on doing things the exact same way that I am used to. I have some starting points recommended on this thread, and I will try them when I get time and see what workflow I can come up with before asking too many more questions here!

I am very wary of the whole repo-reliant constant-update model. It seems like a security nightmare. I started using computers in a pre-internet time and giving a third party essentially constant access to my system in that way makes me uneasy. It is part of why I'm ditching Apple, only to find something similar in GNU/Linux, though doubtless with much better intentions.

This is straying OT again but... If I was the NSA/GHQ/Chinese-govt/Russian-gangsters/insert-bogeyman-of-choice here - I would SO be targeting the Debian repos since they are upstream of so much else - I very much doubt Debian have the resources to counter that level of threat.

There's probably not that much we can do about it. Not updating is not really an option either, since many updates are fixing bugs that have actually left us vulnerable for years or decades before the update. We just have to hope that they are fixing bugs faster than creating them, but I wouldn't bet on it.

OSXrefugee
Offline
Joined: 07/18/2015

"Maybe I'm missing something but I don't know how cloning one machine and restoring it to another machine with different hardware doesn't cause problems"

In the specific case of Apple it is simple: every OS X install contains device drivers for every model of Mac that that version of OS X supports, back to an arbitrary earliest model that Apple deem shall be capable of running a given system version. So as long as you stick to Apple hardware it just works. It is the advantage of setting arbitrary limits to your system. The same thing could be done by a free software project, but I'm not aware of any serious attempts to do it. Supported hardware lists are a nod in that direction.

In the more general case, it does cause problems, yes. But of all the changes that need to be made to a default system, installing device drivers for the specific hardware is maybe 5% of the job, so starting with a pre-tweaked system is 95% of the way there and the remaining 5% has to be done by hand.

Also I have 2 identical laptops, so in that case I need do nothing, I can even plug the drive from one into the other. Transferring to my other machines will require some thought about hardware, and that's why I'd like to be able to make an installer from my running system, so device drivers and GRUB can be easily (and maybe automatically) changed at install time.

cooloutac
Offline
Joined: 06/27/2015

According to this thread they are saying you could run into problems and it's not recommended. And they are saying you have to use another program called Migration Assistant along with it.

http://www.mac-help.com/threads/installing-a-superduper-backup-from-a-different-machine.220661/

I gave you two links related to what you want to do. But you tell me it's exactly what you are trying to avoid. That's why you seem so confusing to me.

The whole repo thing is the opposite of a security nightmare, it's one strong point that Linux has over other o/s's. Most machines are compromised because they didn't update a certain program in a timely manner. If the gov't was indeed trying to compromise an update upstream (pretty good Linux logo there) Updating programs individually from various closed sources is the least secure method.

OSXrefugee
Offline
Joined: 07/18/2015

I suppose there could be problems with restoring to different hardware from a SuperDuper backup in some cases. I haven't tested it extensively enough myself to be absolutely sure it would always work, but my point about an arbitrary limited system containing all possible device drivers for supported hardware holds. If you look in /system/library/extensions on OS X you can see kernel extensions for a wide variety of hardware as used on many different models of Mac; the installer does not just install what it needs for the specific model it is being installed on.

But that thread was almost content-free; I don't think anyone there really had much clue what they were doing.

Some people like to say "oooh I wouldn't do that" reflexively because they are not sure that something will work; unless they can say why, they are just demonstrating their own ignorance.

Migration Assistant is classic Apple control-the-user-ware. Slow, too - I avoid it like the plague. It doesn't even work very well.

As for the security issues, I understand your point, but like anything in security it all depends what your threat model is, and there's no good answer. Obviously open source is always better (though only if people actually check the code; just because something can happen doesn't mean it does happen), but I wasn't commenting on open or closed code, I was pointing out that a repo is a single point of failure.

If the NSA goes to the trouble to make a poisoned version of Xcode to insert backdoors in App Store apps without the developer or Apple knowing about it (and they did), what do you think they are doing to the much less heavily defended Debian repo?

It isn't a question of thing X works and thing Y doesn't, or thing X is better than thing Y; it is a matter of everything is broken, we are all irretrievably screwed, and what are we going to do about it?

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

Trisquel only ships free software. Inserting malware without being caught (by any user, since she is free to study the source code) becomes much harder, although not impossible (introducing an exploitable security issue in a way that looks legitimate, i.e., pretending to solve some bug).

cooloutac
Offline
Joined: 06/27/2015

The guy explaining it was a mod of the forum lol. I wouldn't do it, because it's common sense.

A repo can be seen as a single point of code review too. Open source is considered safer because of more eyes on the code. That's the whole philosophy. And it seems to usually play out true.

The FBI goes to the software developers themselves, as revealed in recent years by Nico Sell and the owner of Lavabit, and others, when they want backdoors into certain software. The issue about the NSA was about Google Play Store, and what they were "planning to do" was causing the phones to secretly download extra data, not actual backdoors into the app software, but backdoors into their phone lol. It wouldn't work the same way on Linux.

The only reason we are all inevitably screwed is because all our firmware is closed source, and there is no way to scan them for malware, meaning all your hardware devices including your BIOS. The RIAA has been planting malware in DVD-ROM firmware for like 20 years just to destroy them. It's usually the first device to get infected....imho. What o/s you use doesn't matter.

I can say this about Mac: the first and last macattack contest they sponsored at Pwn2Own in 2008, OS X got compromised the first 2 mins of competition. Literally, Windows and Linux lasted 3 days.

OSXrefugee
Offline
Joined: 07/18/2015

When catastrophic bugs hang around in open source software for years or decades without anyone noticing, even though dozens of people have looked at the code (Heartbleed, Shellshock), it does rather reinforce that although open source is necessary for good security, it is not nearly sufficient.

You don't need malware if you have the right innocent bugs.

Also, you don't need to convince me of the security issues of closed source code, that's a given, especially on this forum I would think. I'm not defending it.

The issue you mention about the NSA and Google Play Store is separate from the one I mentioned about the App Store and poisoned version of Xcode. Presumably they did both, and much more we don't know about.

I don't find appeal-to-authority a convincing argument. Nor is received wisdom == common sense.

cooloutac
Offline
Joined: 06/27/2015

The point is, it's way safer than the alternative.

The CIA hacking Xcode was pure speculation. In reality it would work the same way Snowden revealed about Google Play Store. And again, the apps themselves would not be infected because of security protocols, but the phone itself would download extra data.

I have no idea what you mean by appeal-to-authority?
You use Apple OS X, an operating system for slaves, that is way less secure than Windows and Linux imho.

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

Not keeping the software up to date probably is more risky.

OSXrefugee
Offline
Joined: 07/18/2015

I agree, at least for an online computer. I'm trying to take some of mine offline.

cooloutac
Offline
Joined: 06/27/2015

That's why Apple is least secure, because they wait the longest to update their systems with security patches. This was the case with Shellshock too. Which is absurd.

OSXrefugee
Offline
Joined: 07/18/2015

I agree it is absurd, but to keep some proportion, a standard desktop Apple install was not vulnerable to Shellshock; you had to be running a server, which is not their core user base.

cooloutac
Offline
Joined: 06/27/2015

That's what they said at first, they lied to you! They even held back the update to prove their point, deplorable. IMO, most of us are still vulnerable, because most people still use internet-facing software that has bash in it. I mean you were just talking about installing bad software. Which can happen on any o/s. For Apple to hold back the update was criminal.

moxalt
Offline
Joined: 06/19/2015

In most cases, --help is enough for a quick reminder.

lembas
Offline
Joined: 05/13/2010

> Also in terminal you have to type precisely, which is not my strong point, and text editing is minimal, in most terminals only backspace seems to work, I can't correct like in a normal text editor, furthermore if I have assembled a long command, I can't copy and paste using ctrl-c ctrl-v but have to use the menu items for copy and paste - what is that about??)

bash has extensive text editing capabilities. Read the manual page: man bash (search for c-a)

OSXrefugee
Offline
Joined: 07/18/2015

That writer (in the articles you posted links to) is distinguishing between 2 different things laboriously and using the word stupid for both of them. The word ignorant is more correct and already exists for one of his meanings. If I don't know about something then I am ignorant of it, not stupid about it.

moxalt
Offline
Joined: 06/19/2015

That's what I meant. Call it ignorant if you will.

OSXrefugee
Offline
Joined: 07/18/2015

Thanks, sounds like it would work, but do I understand correctly that Clonezilla has to be run either from another machine on the network or from a live USB stick; it can't run on the install it is making an image of?

Is there anything that will make an image (preferably a mountable image) of the same system it is running on? It sounds a bit self-referential, but SuperDuper on OS X does this and it is really convenient.

cooloutac
Offline
Joined: 06/27/2015

Or from another partition.